CVE-2013-2238

Multiple buffer overflows in the switchperformsubstitution function in switchregex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to the index and substituted variables...

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

The vulnerability of the program-defined telecommunication stack FreeSWITCH, related to incorrect handling of exceptional states, allows a intruder to trigger a service failure.

The vulnerability of the program-defined telecommunication stack FreeSWITCH is related to incorrect handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a ClientHello DTLS message with an invalid CipherSuite this triggers ...

FreeSWITCH Denial Of Service Exploit

FreeSWITCH versions prior to 1.10.11 remote denial of service exploit that leverages a race condition in the hello handshake phase of the DTLS protocol. include include include include define IP "127.0.0.1" define PORT 5061 int main SSLlibraryinit; SSLloaderrorstrings; OpenSSLaddsslalgorithms;...

FreeSWITCH 1.10.10 Denial Of Service Vulnerability

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...

FreeSWITCH < 1.10.11 DoS Vulnerability

FreeSWITCH is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

Race condition

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

CVE-2023-51443

CVE-2023-51443 affects FreeSWITCH versions before 1.10.11. A race condition in the DTLS-SRTP handshake (DTLS ClientHello with invalid CipherSuite) can trigger a DTLS error, tearing down media and cascading to SIP signaling, causing DoS for new DTLS-SRTP calls. The documented fix is upgrading to F...

CVE-2023-51443 FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

CVE-2023-51443 FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

CVE-2023-51443 FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

FreeSWITCH Security Breach

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. A security vulnerability exists in FreeSWITCH version 1.10.10, which ...

FreeSWITCH 1.10.10 Denial Of Service

FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 1.10.11 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-02-freeswitch-dtls-hello-race - Vendor Security Advisory:...

PT-2023-8586 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.11 Description: The issue is related to incorrect handling of exceptional states in the FreeSWITCH software-defined telecom stack, which can lead to a Denial of Service DoS when handling DTLS-SRTP for media...

CVE-2023-40018

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVE-2023-40018

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...